Re: Capturing System Calls

[Lee_Badger () NAI COM (Badger, Lee)]

Oops.  Just read the original message more closely and saw that kernel
modules are out.  Sigh.

Lee

> -----Original Message-----
> From: Badger, Lee
> Sent: Thursday, June 22, 2000 3:22 PM
> To:   VULN-DEV () SECURITYFOCUS COM
> Cc:   Feldman, Mark; Spector, Larry; O'Brien, Eric; Badger, Lee
> Subject:      Re: Capturing System Calls
>
> We have a research tool that allows you to capture and modify system calls
> on Solaris, FreeBSD, Linux, and NT/Win2000.  It's called Generic Software
> Wrappers.
>
> Source code is available free at:  ftp://ftp.tislabs.com/pub/wrappers
>
> Basically, our tool adds a loadable kernel module into the system (except
> on Windows, where it's at the DLL level), and provides a language that you
> use to specify which system calls you'd like intercepted, and what you'd
> like done with them.
>
> Lee
>
> Lee Badger
> NAI Labs
> Network Associates
>
> > -----Original Message-----
> > From: Green Charles Contr AFRL/IFGB [mailto:Charles.Green () RL AF MIL]
> > Sent: Thursday, June 22, 2000 9:23 AM
> > To: VULN-DEV () SECURITYFOCUS COM
> > Subject: Capturing System Calls
> >
> >
> > On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to
> > capture/modify
> > system calls calls from an application with out modifying the
> > kernel (or
> > using kernel modules) - preferably in userspace? The reason I
> > ask is that a
> > group of us are being asked to evaluate a piece of software
> > for my company
> > but they've put some heavy restrictions on how we do it. One of the
> > restriction is that we're not allowed to modify the kernel.